WO2008008621A2 - Method and apparatus for securely moving and returning digital content - Google Patents
Method and apparatus for securely moving and returning digital content Download PDFInfo
- Publication number
- WO2008008621A2 WO2008008621A2 PCT/US2007/072174 US2007072174W WO2008008621A2 WO 2008008621 A2 WO2008008621 A2 WO 2008008621A2 US 2007072174 W US2007072174 W US 2007072174W WO 2008008621 A2 WO2008008621 A2 WO 2008008621A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content key
- digital content
- content data
- content
- original digital
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000012546 transfer Methods 0.000 abstract description 18
- 230000006870 function Effects 0.000 description 9
- 238000004891 communication Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000010200 validation analysis Methods 0.000 description 4
- 230000001413 cellular effect Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1079—Return
Definitions
- Embodiments of the present invention generally relate to copy management systems that utilize digital rights management functions for communicating content. More specifically, the present invention relates to a method and apparatus for securely moving and returning digital content.
- Digital content data has recently gained wide acceptance in the public. Such digital content data includes, but is not limited to: movies, videos, music, and the like. Consequently, many consumers and businesses employ various digital media devices or systems that enable the reception of such digital multimedia content via different communication channels (e.g., a wireless satellite link, a wired cable connection, etc.). Similarly, many consumers and businesses utilize a copy management system to transport the digital content data in a secure fashion.
- communication channels e.g., a wireless satellite link, a wired cable connection, etc.
- a portable video player with a standard definition display and internal memory is capable of acquiring digital content from a PVR so long as the copy on the PVR is deleted or disabled. Consequently, the PVR transcodes the stored content to a lower resolution or lower quality (that is, a lower bitrate, thereby requiring less memory to store) so that the PVP device is able to accept, store, and later play back the content.
- a lower resolution or lower quality that is, a lower bitrate, thereby requiring less memory to store
- the digital content subscriber may be reluctant to utilize this service, since the digital content will now be in a lower resolution version. Any future secure move back to the original PVR device would only move this lower resolution or lower quality version (e.g., the original HD resolution will be lost).
- the present invention discloses an apparatus and method for re-enabling digital content data. From a security perspective, it is important that only a single device possesses the key to the one valid copy. Thus, on the original secure move from the PVR, the content is re-encrypted before transfer. A portion of the key matching the now disabled PVR copy is also transferred, so that neither the PVR nor the reduced resolution device possess the complete key to that disabled content. When the secure move "back" to the PVR occurs, the only real need is to restore the missing portion of the key, and then delete the reduced resolution copy and its key. Afterwards, the recreated original content key is used to re-enable the digital content data in the PVR.
- FIG. 1 depicts a block diagram of a system for facilitating the transfer of digital content over a communications network in accordance with the present invention
- FIG. 2 depicts a method for transferring digital content in accordance with the present invention
- FIG. 3 depicts a method for re-enabling digital content in accordance with the present invention.
- FIG. 4 is a block diagram depicting an exemplary embodiment of a computer suitable for implementing the processes and methods described herein.
- FIG. 1 is a block diagram of a content distribution system 100 (e.g., a cable system or an Internet Protocol rights management (IPRM) system) that utilizes a conditional access system (e.g. MediaCipherTM) or an authenticated key management protocol (e.g., MOTOROLA ESBrokerTM protocol) to facilitate the secure transfer of digital rights and content.
- the system 100 comprises a content provider 108 (e.g., a broadcast source or a streaming server), a communications network 112 (e.g., a cable network or the Internet), and a local network 102. Although only one content provider 108 and one local network 102 are depicted, those skilled in the art realize that any number of content providers or local networks may be included in the system 100.
- the local network 102 may comprise a home network that includes a personal video recorder (PVR) 104 and a plurality of portable video player (PVP) devices 106i N - Each of the devices 106i N may comprise a cellular phone, a portable laptop computer, a personal digital assistant (PDA), or any like device with a screen display.
- the PVR 104 is typically a single device (e.g., a set top box (STB), a digital video recorder (DVR), a personal computer (PC), etc.) that may function as a media gateway or hub for the local network 102.
- STB set top box
- DVR digital video recorder
- PC personal computer
- the PVR 104 may be configured to transfer stored digital content data 112 and content keys to the devices 106i N - Similarly, the PVR 104 may also receive content keys from the devices 106i N - Depending on the embodiment or the type of devices, the PVR 104 and the PVP devices 106i N may communicate and transfer digital content data over a physical medium, such as a memory card or a wired connection. Similarly, the communication between the PVR 104 and devices may also be conducted via a wireless connection such as infrared, BLUETOOTH, 802.11 , or other like technology.
- the PVR 104 comprises both a disk storage area 116 and a secure storage area 110.
- the disk storage area 116 may comprise a hard disk, a memory cache, or like component that contains the stored encrypted digital content data 118 (e.g., subscription television content, pay-per-view content, etc.).
- the secure storage area 110 may comprise a secure smart chip or the like, which cannot be accessed by the host device, or a specially encrypted portion of a non-volatile memory.
- the original content keys 114 e.g., content decryption keys
- the content provider 108 may comprise a cable headend that broadcasts digital content data (e.g., television programs).
- the content provider 108 distributes digital content utilizing a conditional access system, and the PVR 104 receives, decrypts, and then subsequently re-encrypts and stores that content in its hard disk.
- a PVR device 104 is used to transfer stored digital content data 118 to a requesting PVP 106.
- the PVR 104 receives a request for stored digital content 118 from a PVP 106 (e.g., the PVR user's cellular phone).
- the requested digital content data 118 stored on the PVR 104 may be restricted so that only a certain number of copies may be permitted to exist.
- the stored digital content 118 may be characterized as having a "copy once" permission where only one usable copy of the content may exist (e.g., either on the PVR 104 or a PVP 106) at any given time.
- the present invention may be used to "disable” or delete the content key associated with the digital content 118 stored on the PVR 104 so that it will not be accessible during the time the digital content is being utilized by the requesting PVP 106 device.
- the PVR 104 is also permitted to retain the present version of the digital content data, which may be of higher quality than the version that is to be transferred to the PVP 106.
- a PVR 104 may contain video that is encoded in a high definition (HD) format.
- the PVR 104 When the PVR 104 receives a request for the video from a PVP 106, the PVR 104 transcodes the movie content into a format (i.e., an instance or version) that can be viewed by the PVP 106 (e.g., SD, CIF, and the like). Specifically, the new compatible format is a downgraded version (as compared to the original version) so that the resolution requirements of the PVP 106 may be met. Therefore, instead of permanently removing the original digital content 118 from the PVR 104 in order to adhere to the "copy once" restriction, the associated content key may be "disabled" or partially deleted so that the original content 118 cannot be viewed by the PVR 104.
- a format i.e., an instance or version
- the new compatible format is a downgraded version (as compared to the original version) so that the resolution requirements of the PVP 106 may be met. Therefore, instead of permanently removing the original digital content 118 from the PVR 104
- a new content key is created to encrypt the transcoded version of the original digital content 118.
- the new content key comprises a portion of the original content key.
- the new content key may utilize a "generator seed" of the original content key, thereby effectively disabling the original content key (since only a "partial" original content key remains).
- the original content key is disabled by transferring "half of the key to the destination PVP 106 device as part of a new content key.
- the PVR 104 may initially generate a plurality of randomly generated "seeds", e.g., S1 , S2, and S3, during a key generation process.
- the original content key may be generated from two of the seeds (e.g., S1 and S2), for example, by processing the two seeds through a one-way cryptographic function.
- the content key may be created by combining the two seeds using a simpler function.
- a new content key may be derived by using one of the seeds (e.g., S2) that is used to create the original content key along with an originally "unused” seed (e.g., S3).
- a one way function can be employed on the two "generator" seeds (e.g., S2 and S3) to generate the new content key.
- S2 and S3 are subsequently provided to the PVP 106, and the original content key is deleted in the PVR.
- Transferring S2 but not S1 ensures that neither the PVR nor the PVP can generate the original key. Subsequently, returning S2 securely to the PVR re-enables its content.
- S2 and S3 can be transferred, and the PVP can recreate the new key by using the same generator function as used in the PVR.
- the content After the transcoded digital content is securely moved to the requesting PVP 106, the content must retain a unique identity in order to facilitate the eventual transfer back to the PVR 104. If the original content key has been completely or partially deleted from the PVR 104 during the process of moving the digital content to the PVP device 106, then the identifier itself does not need to be secured. Notably, the content's intrinsic protection is that the associated key only provides value to a user if the identifier is not altered.
- the identifier would have to be protected securely (e.g., with a secure protocol) so that the digital content is always matched to the corresponding identifier.
- the PVR 104 is configured to reconstruct the original content key after receiving back the relevant information from the PVP 106.
- the PVR 104 acquires the same seed (e.g. S2) that was used in creating the original key, as well as having the PVP remove its stored copy of the new content key and also S2. Consequently, the full-quality copy of the "disabled" digital content will be accessible after the original content key is reconstructed.
- the encrypted digital content stored on the PVP 106 is not electronically transferred back to the PVR 104.
- the digital content utilized by the PVP 106 is in a lower resolution or lower quality format as compared to format of the original digital content stored on the PVR 104.
- the original digital content is already stored in a "disabled" format (i.e., the content is still present, but the content keys needed to decrypt the content are disabled).
- the action of "moving back” content is actually the transfer back of the PVP's content key seeds (or at least the portion S2 that was removed from the PVR) to indicate the user's intention of disabling/deleting the content on the external device, and re- enabling it on the PVR 104 in its full quality version.
- the PVP should not retain a copy of S2 nor the key generated from S2 and S3.
- one way to implement such a "re-enable" function is to send back both S2 and S3, (or equivalently, S2 and the new content key) and have the PVR 104 security subsystem check S3 or the new content key using its prior copy of S3.
- the PVR 104 can re-enable its high quality stored content and make it available to the PVR 104 user.
- the PVR 104 may be configured to save a hash value of the original content key for later validation purposes. Namely, a validation/verification procedure may be conducted after the original content key is reconstructed by comparing the original content key hash value to the reconstructed content key hash value. If the respective hash values are identical, then the reconstructed content key is validated.
- FIG. 2 illustrates a method 200 for reserving digital rights data in accordance with the present invention.
- the method 200 begins at step 202 and proceeds to step 204, where a request to transfer digital content is received.
- a PVP 106 e.g., a cellular phone with a screen display
- the transfer request may be completed by utilizing a wireless means, made over some type of physical connection, or using some type of physical component (e.g., a memory card).
- the requested digital content is prepared for transfer.
- the PVR 104 identifies the type of device requesting the content and prepares the digital content for compatibility. For example, the PVR 104 transcodes the digital content data (e.g., HD to SD) into a format that is more appropriate to the PVP 106.
- the digital content data e.g., HD to SD
- a new content key for the transcoded content is generated.
- a new content key for the requested digital content is created by acquiring a generator portion (i.e., a generator seed) of the original content key and incorporating it as a portion of the new content key.
- the new content key for the requested digital content data is formed by merging the generator portion of the original key along with a second content key "portion" (e.g., using seeds as mentioned above).
- Step 208 includes the encryption of the transcoded content by the PVR 104.
- the requested digital content data, the new content key, and a generator seed (e.g., S2) of the original key are transferred.
- the requested digital content data and corresponding content keys are securely transferred to the requesting PVP 106.
- step 210 effectively disables the original content key stored in the PVR 104, as a portion of that key, or one of its generators, no longer exists in the PVR.
- the secure transfer of the digital content and keys may comprise any method that is known in the art (e.g., MOTOROLA ESBrokerTM protocol, or a Diffie Hellman based protocol).
- seeds S2 and S3 are transferred to the PVP 106, which subsequently uses S2 and S3 to reconstruct the new content key.
- the method 200 then ends at step 212.
- FIG. 3 illustrates a method 300 for re-enabling digital content data in accordance with the present invention.
- the method 300 begins at step 302 and proceeds to step 304, where a request to transfer digital content from a PVP 106 is received.
- a PVR 104 receives a request from the PVP 106 to "return" the digital content back to the PVR 104.
- a content key field is received by PVR 104 over a secure protocol.
- the content key field contains two portions.
- One portion of the content key field constitutes a part (e.g., the seed S2) of the original content key that was produced in step 208 of method 200 and is needed to decrypt the digital content data stored on the PVR 104.
- the other portion is the content key (or equivalently, S3) that was utilized to decrypt the transcoded digital content data initially provided to the PVP 106 (see method 200).
- the PVR 104 may be configured to save a hash value of the original content key for later validation purposes. Namely, a validation/verification procedure may be conducted after the original content key is reconstructed by comparing the original content key hash value to the reconstructed content key hash value. If the respective hash values are identical, then the reconstructed content key is validated.
- the original content key is recreated.
- the PVR 104 reconstructs the original content key by merging the remaining stored portion from the original content key (i.e., the "non-extracted” portion) and the recently obtained content key portion (from step 306).
- the original content key is used to re-enable the previously stored digital content data.
- the PVR 104 utilizes the recently reconstructed original content key to access the stored higher quality digital content data.
- the method 300 ends at step 312.
- a time limit functionality may be implemented in conjunction with the present invention.
- the secure hardware subsystems on both the PVR 104 and the external unit e.g., PVP 106
- the secure hardware subsystems on both the PVR 104 and the external unit may be configured to re-enable (in the PVR) and delete or disable (in the PVP) the digital content data at a common predefined time.
- the secure move procedure described above would be implicitly accomplished in an automated pre-planned fashion. Therefore, the need for a user to physically bring a PVP back to the PVR for a digital content transfer would be unnecessary so long as the DRM system in use supports secure time on the PVR 104 and the PVP 106. This can only work if the PVR content disable process retains a local copy of the original key, or S2 parameter, hence the "reduced security.”
- greater trust must be placed in the PVR secure hardware.
- FIG. 4 depicts a high level block diagram of a PVR 104 or general purpose computer suitable for use in performing the functions described herein.
- the system 400 comprises a processor element 402 (e.g., a CPU), a memory 404, e.g., random access memory (RAM) and/or read only memory (ROM) and/or persistent memory (Flash), a digital content management module 405, and various input/output devices 406 (e.g., storage devices, including but not limited to, a tape drive, a floppy drive, a hard disk drive, a compact disk drive, a receiver, a transmitter, a speaker, a display, a speech synthesizer, an output port, and a user input device (such as a keyboard, a keypad, a mouse, etc.) and the like.
- a processor element 402 e.g., a CPU
- a memory 404 e.g., random access memory (RAM) and/or read only memory (ROM) and/or persistent memory
- the present invention can be implemented in software and/or in a combination of software and hardware, e.g., using application specific integrated circuits (ASIC), a general purpose computer or any other hardware equivalents.
- the digital content management module or process 405 can be loaded into memory 404 and executed securely by processor 402 to implement the functions as discussed above.
- the present digital content management module 405 (including associated data structures) of the present invention can be stored securely on a computer readable medium or carrier, e.g., RAM memory, magnetic or optical drive or diskette and the like.
Abstract
The present invention discloses an apparatus and method for transferring digital content data. In one example, original digital content data stored on a first device in an encrypted state is transcoded (after being decrypted) to create a modified version of the original digital content data. The modified version of the original digital content data is then encrypted with a new content key. The modified version and at least one content key generator are transferred to a second device, where the at least one content key generator is used to recreate the new content key for enabling (and decrypting) the modified version of the original digital content data at the second device. Notably, the original digital content data stored in the first device is disabled contemporaneously with the transfer of the modified version and the at least one content key generator to the second device. Afterwards, the disabled original digital content data is re-enabled on the first device, and disabled on the second device.
Description
METHOD AND APPARATUS FOR SECURELY MOVING AND RETURNING
DIGITAL CONTENT
BACKGROUND OF THE INVENTION Field of the Invention
[0001] Embodiments of the present invention generally relate to copy management systems that utilize digital rights management functions for communicating content. More specifically, the present invention relates to a method and apparatus for securely moving and returning digital content.
Description of the Related Art
[0002] Digital content data has recently gained wide acceptance in the public. Such digital content data includes, but is not limited to: movies, videos, music, and the like. Consequently, many consumers and businesses employ various digital media devices or systems that enable the reception of such digital multimedia content via different communication channels (e.g., a wireless satellite link, a wired cable connection, etc.). Similarly, many consumers and businesses utilize a copy management system to transport the digital content data in a secure fashion.
[0003] Many copy management systems currently support the notion of "copy once" permission, where copying incoming digital content on a home personal video recorder (PVR) is allowed so long as no further copy of the now stored content is made. In addition to streaming and playback, these copy management systems also typically permit a "secure move" functionality that enables the "copy once" content to be transferred to another device. Namely, the PVR is capable of transferring the stored digital content to another player device within a home network (e.g., devices within proximity of the PVR) or device owned and/or registered by the user. Often, such player devices typically support reduced memory, or displays characterized by reduced resolution. In one scenario, a portable video player (PVP) with a standard definition display and internal memory is capable of acquiring digital content from a PVR so long as the copy on the PVR is deleted or disabled.
Consequently, the PVR transcodes the stored content to a lower resolution or lower quality (that is, a lower bitrate, thereby requiring less memory to store) so that the PVP device is able to accept, store, and later play back the content. Despite the mobility and flexibility afforded, however, the digital content subscriber may be reluctant to utilize this service, since the digital content will now be in a lower resolution version. Any future secure move back to the original PVR device would only move this lower resolution or lower quality version (e.g., the original HD resolution will be lost).
[0004] Thus, there is a need in the art for a more effective method and apparatus for securely moving lower resolution or lower quality copies, and then restoring the original high-resolution or high-quality versions on any subsequent secure move "back," thus re-enabling the original disabled digital content data. This feature then amounts to a secure "check-out" of copy once content.
SUMMARY OF THE INVENTION
[0005] In one embodiment, the present invention discloses an apparatus and method for re-enabling digital content data. From a security perspective, it is important that only a single device possesses the key to the one valid copy. Thus, on the original secure move from the PVR, the content is re-encrypted before transfer. A portion of the key matching the now disabled PVR copy is also transferred, so that neither the PVR nor the reduced resolution device possess the complete key to that disabled content. When the secure move "back" to the PVR occurs, the only real need is to restore the missing portion of the key, and then delete the reduced resolution copy and its key. Afterwards, the recreated original content key is used to re-enable the digital content data in the PVR.
BRIEF DESCRIPTION OF THE DRAWINGS
[0006] So that the manner in which the above recited features of the present invention can be understood in detail, a more particular description of the
invention, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only typical embodiments of this invention and are therefore not to be considered limiting of its scope, for the invention may admit to other equally effective embodiments.
[0007] FIG. 1 depicts a block diagram of a system for facilitating the transfer of digital content over a communications network in accordance with the present invention;
[0008] FIG. 2 depicts a method for transferring digital content in accordance with the present invention;
[0009] FIG. 3 depicts a method for re-enabling digital content in accordance with the present invention; and
[0010] FIG. 4 is a block diagram depicting an exemplary embodiment of a computer suitable for implementing the processes and methods described herein.
[0011] To facilitate understanding, identical reference numerals have been used, wherever possible, to designate identical elements that are common to the figures.
DETAILED DESCRIPTION
[0012] FIG. 1 is a block diagram of a content distribution system 100 (e.g., a cable system or an Internet Protocol rights management (IPRM) system) that utilizes a conditional access system (e.g. MediaCipher™) or an authenticated key management protocol (e.g., MOTOROLA ESBroker™ protocol) to facilitate the secure transfer of digital rights and content. In one embodiment, the system 100 comprises a content provider 108 (e.g., a broadcast source or a streaming server), a communications network 112 (e.g., a cable network or the Internet), and a local network 102. Although only one content provider
108 and one local network 102 are depicted, those skilled in the art realize that any number of content providers or local networks may be included in the system 100.
[0013] The local network 102 may comprise a home network that includes a personal video recorder (PVR) 104 and a plurality of portable video player (PVP) devices 106i N- Each of the devices 106i N may comprise a cellular phone, a portable laptop computer, a personal digital assistant (PDA), or any like device with a screen display. The PVR 104 is typically a single device (e.g., a set top box (STB), a digital video recorder (DVR), a personal computer (PC), etc.) that may function as a media gateway or hub for the local network 102. In addition, the PVR 104 may be configured to transfer stored digital content data 112 and content keys to the devices 106i N- Similarly, the PVR 104 may also receive content keys from the devices 106i N- Depending on the embodiment or the type of devices, the PVR 104 and the PVP devices 106i N may communicate and transfer digital content data over a physical medium, such as a memory card or a wired connection. Similarly, the communication between the PVR 104 and devices may also be conducted via a wireless connection such as infrared, BLUETOOTH, 802.11 , or other like technology.
[0014] The PVR 104 comprises both a disk storage area 116 and a secure storage area 110. The disk storage area 116 may comprise a hard disk, a memory cache, or like component that contains the stored encrypted digital content data 118 (e.g., subscription television content, pay-per-view content, etc.). The secure storage area 110 may comprise a secure smart chip or the like, which cannot be accessed by the host device, or a specially encrypted portion of a non-volatile memory. The original content keys 114 (e.g., content decryption keys) are stored in the secure storage area 110.
[0015] The content provider 108 may comprise a cable headend that broadcasts digital content data (e.g., television programs). In one embodiment, the content provider 108 distributes digital content utilizing a
conditional access system, and the PVR 104 receives, decrypts, and then subsequently re-encrypts and stores that content in its hard disk.
[0016] In one embodiment of the present invention, a PVR device 104 is used to transfer stored digital content data 118 to a requesting PVP 106. Initially, the PVR 104 receives a request for stored digital content 118 from a PVP 106 (e.g., the PVR user's cellular phone). The requested digital content data 118 stored on the PVR 104, however, may be restricted so that only a certain number of copies may be permitted to exist. For example, the stored digital content 118 may be characterized as having a "copy once" permission where only one usable copy of the content may exist (e.g., either on the PVR 104 or a PVP 106) at any given time. Consequently, the present invention may be used to "disable" or delete the content key associated with the digital content 118 stored on the PVR 104 so that it will not be accessible during the time the digital content is being utilized by the requesting PVP 106 device. By disabling the content key of the stored digital content 118, the PVR 104 is also permitted to retain the present version of the digital content data, which may be of higher quality than the version that is to be transferred to the PVP 106. For example, a PVR 104 may contain video that is encoded in a high definition (HD) format. When the PVR 104 receives a request for the video from a PVP 106, the PVR 104 transcodes the movie content into a format (i.e., an instance or version) that can be viewed by the PVP 106 (e.g., SD, CIF, and the like). Specifically, the new compatible format is a downgraded version (as compared to the original version) so that the resolution requirements of the PVP 106 may be met. Therefore, instead of permanently removing the original digital content 118 from the PVR 104 in order to adhere to the "copy once" restriction, the associated content key may be "disabled" or partially deleted so that the original content 118 cannot be viewed by the PVR 104. The same approach applies when the original content resolution is acceptable for the PVP 106, but the content is transcoded to a lower bit rate, that is, a lower quality, so as to reduce the amount of storage required at the PVP 106.
[0017] Before the original content key is disabled or deleted, a new content key is created to encrypt the transcoded version of the original digital content 118. In one embodiment, the new content key comprises a portion of the original content key. For example, the new content key may utilize a "generator seed" of the original content key, thereby effectively disabling the original content key (since only a "partial" original content key remains). Specifically, the original content key is disabled by transferring "half of the key to the destination PVP 106 device as part of a new content key. In one embodiment, the PVR 104 may initially generate a plurality of randomly generated "seeds", e.g., S1 , S2, and S3, during a key generation process. The original content key may be generated from two of the seeds (e.g., S1 and S2), for example, by processing the two seeds through a one-way cryptographic function. Alternatively, the content key may be created by combining the two seeds using a simpler function. In the event of a digital content transfer, a new content key may be derived by using one of the seeds (e.g., S2) that is used to create the original content key along with an originally "unused" seed (e.g., S3). For example, a one way function can be employed on the two "generator" seeds (e.g., S2 and S3) to generate the new content key. After encrypting the new version of the content with the new key, the new content key, as well as S2, is subsequently provided to the PVP 106, and the original content key is deleted in the PVR. Transferring S2 but not S1 ensures that neither the PVR nor the PVP can generate the original key. Subsequently, returning S2 securely to the PVR re-enables its content. Equivalently, instead of transferring the new key and S2 to the PVP, S2 and S3 can be transferred, and the PVP can recreate the new key by using the same generator function as used in the PVR.
[0018] After the transcoded digital content is securely moved to the requesting PVP 106, the content must retain a unique identity in order to facilitate the eventual transfer back to the PVR 104. If the original content key has been completely or partially deleted from the PVR 104 during the process of moving the digital content to the PVP device 106, then the identifier itself does not
need to be secured. Notably, the content's intrinsic protection is that the associated key only provides value to a user if the identifier is not altered. If the original key had not been deleted or partially deleted from the PVR 104, but instead only disabled with the expectation of eventual re-use, then the identifier would have to be protected securely (e.g., with a secure protocol) so that the digital content is always matched to the corresponding identifier.
[0019] For example, in one embodiment, the PVR 104 is configured to reconstruct the original content key after receiving back the relevant information from the PVP 106. Notably, the PVR 104 acquires the same seed (e.g. S2) that was used in creating the original key, as well as having the PVP remove its stored copy of the new content key and also S2. Consequently, the full-quality copy of the "disabled" digital content will be accessible after the original content key is reconstructed.
[0020] In the event the digital content needs to be reinstated to the PVR 104 from the PVP device 106 (presumably after viewing), the encrypted digital content stored on the PVP 106 is not electronically transferred back to the PVR 104. Typically, the digital content utilized by the PVP 106 is in a lower resolution or lower quality format as compared to format of the original digital content stored on the PVR 104. Thus, there is no reason to expend the time and resources that are needed to securely move the inferior digital content back to the PVR device 104 since the original digital content is already stored in a "disabled" format (i.e., the content is still present, but the content keys needed to decrypt the content are disabled). Therefore, the action of "moving back" content is actually the transfer back of the PVP's content key seeds (or at least the portion S2 that was removed from the PVR) to indicate the user's intention of disabling/deleting the content on the external device, and re- enabling it on the PVR 104 in its full quality version. The PVP should not retain a copy of S2 nor the key generated from S2 and S3.
[0021] Alternatively, one way to implement such a "re-enable" function is to send back both S2 and S3, (or equivalently, S2 and the new content key) and
have the PVR 104 security subsystem check S3 or the new content key using its prior copy of S3. In any case, once the secure transfer back is completed, the PVR 104 can re-enable its high quality stored content and make it available to the PVR 104 user. In another embodiment, the PVR 104 may be configured to save a hash value of the original content key for later validation purposes. Namely, a validation/verification procedure may be conducted after the original content key is reconstructed by comparing the original content key hash value to the reconstructed content key hash value. If the respective hash values are identical, then the reconstructed content key is validated.
[0022] FIG. 2 illustrates a method 200 for reserving digital rights data in accordance with the present invention. The method 200 begins at step 202 and proceeds to step 204, where a request to transfer digital content is received. In one embodiment, a PVP 106 (e.g., a cellular phone with a screen display) is used to transmit a transfer request to a PVR 104. The transfer request may be completed by utilizing a wireless means, made over some type of physical connection, or using some type of physical component (e.g., a memory card).
[0023] At step 206, the requested digital content is prepared for transfer. In one embodiment, the PVR 104 identifies the type of device requesting the content and prepares the digital content for compatibility. For example, the PVR 104 transcodes the digital content data (e.g., HD to SD) into a format that is more appropriate to the PVP 106.
[0024] At step 208, a new content key for the transcoded content is generated. In one embodiment, a new content key for the requested digital content is created by acquiring a generator portion (i.e., a generator seed) of the original content key and incorporating it as a portion of the new content key. Namely, the new content key for the requested digital content data is formed by merging the generator portion of the original key along with a second content key "portion" (e.g., using seeds as mentioned above). Step 208 includes the encryption of the transcoded content by the PVR 104.
[0025] At step 210, the requested digital content data, the new content key, and a generator seed (e.g., S2) of the original key are transferred. In one embodiment, the requested digital content data and corresponding content keys are securely transferred to the requesting PVP 106. In one embodiment, step 210 effectively disables the original content key stored in the PVR 104, as a portion of that key, or one of its generators, no longer exists in the PVR. The secure transfer of the digital content and keys may comprise any method that is known in the art (e.g., MOTOROLA ESBroker™ protocol, or a Diffie Hellman based protocol). In another embodiment, seeds S2 and S3 are transferred to the PVP 106, which subsequently uses S2 and S3 to reconstruct the new content key. The method 200 then ends at step 212.
[0026] FIG. 3 illustrates a method 300 for re-enabling digital content data in accordance with the present invention. The method 300 begins at step 302 and proceeds to step 304, where a request to transfer digital content from a PVP 106 is received. In one embodiment, a PVR 104 receives a request from the PVP 106 to "return" the digital content back to the PVR 104.
[0027] At step 306, a content key field is received by PVR 104 over a secure protocol. In one embodiment, the content key field contains two portions. One portion of the content key field constitutes a part (e.g., the seed S2) of the original content key that was produced in step 208 of method 200 and is needed to decrypt the digital content data stored on the PVR 104. The other portion is the content key (or equivalently, S3) that was utilized to decrypt the transcoded digital content data initially provided to the PVP 106 (see method 200). In another embodiment, the PVR 104 may be configured to save a hash value of the original content key for later validation purposes. Namely, a validation/verification procedure may be conducted after the original content key is reconstructed by comparing the original content key hash value to the reconstructed content key hash value. If the respective hash values are identical, then the reconstructed content key is validated.
[0028] At step 308, the original content key is recreated. In one embodiment, the PVR 104 reconstructs the original content key by merging the remaining
stored portion from the original content key (i.e., the "non-extracted" portion) and the recently obtained content key portion (from step 306).
[0029] At step 310, the original content key is used to re-enable the previously stored digital content data. In one embodiment, the PVR 104 utilizes the recently reconstructed original content key to access the stored higher quality digital content data. The method 300 ends at step 312.
[0030] In one reduced security extended embodiment, a time limit functionality may be implemented in conjunction with the present invention. Notably, the secure hardware subsystems on both the PVR 104 and the external unit (e.g., PVP 106) may be configured to re-enable (in the PVR) and delete or disable (in the PVP) the digital content data at a common predefined time. Essentially, the secure move procedure described above would be implicitly accomplished in an automated pre-planned fashion. Therefore, the need for a user to physically bring a PVP back to the PVR for a digital content transfer would be unnecessary so long as the DRM system in use supports secure time on the PVR 104 and the PVP 106. This can only work if the PVR content disable process retains a local copy of the original key, or S2 parameter, hence the "reduced security." Thus for this extension feature, greater trust must be placed in the PVR secure hardware.
[0031] FIG. 4 depicts a high level block diagram of a PVR 104 or general purpose computer suitable for use in performing the functions described herein. As depicted in FIG. 4, the system 400 comprises a processor element 402 (e.g., a CPU), a memory 404, e.g., random access memory (RAM) and/or read only memory (ROM) and/or persistent memory (Flash), a digital content management module 405, and various input/output devices 406 (e.g., storage devices, including but not limited to, a tape drive, a floppy drive, a hard disk drive, a compact disk drive, a receiver, a transmitter, a speaker, a display, a speech synthesizer, an output port, and a user input device (such as a keyboard, a keypad, a mouse, etc.) and the like.
[0032] It should be noted that the present invention can be implemented in software and/or in a combination of software and hardware, e.g., using application specific integrated circuits (ASIC), a general purpose computer or any other hardware equivalents. In one embodiment, the digital content management module or process 405 can be loaded into memory 404 and executed securely by processor 402 to implement the functions as discussed above. As such, the present digital content management module 405 (including associated data structures) of the present invention can be stored securely on a computer readable medium or carrier, e.g., RAM memory, magnetic or optical drive or diskette and the like.
[0033] While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
Claims
1. A method for transferring digital content data, comprising: transcoding original digital content data stored in an encrypted state in a first device to create a modified version of said original digital content data; encrypting said modified version with a new content key; transferring said modified version and at least one content key generator to a second device, wherein said at least one content key generator is used to recreate the new content key for enabling said modified version at said second device; disabling said original digital content data stored in said first device contemporaneously with said transferring step; and re-enabling said disabled original digital content data at said first device and contemporaneously disabling said modified version at said second device.
2. The method of claim 1 , wherein said original digital content data is disabled by transferring a content key generator used to derive an original content key used to encrypt the original digital content data, and said disabled original digital content data is re-enabled upon a return of said content key generator from said second device to said first device.
3. The method of claim 1 , further comprising: disabling said modified version on said second device by either transferring one or more of said at least one of said content key generator back to said first device, or by deleting one or more of said at least one of said content key generators.
4. The method of claim 2, wherein said original content key is created by using a first content key generator and a second content key generator, and wherein said second content key generator is used in conjunction with a third content key generator to create said new content key for encrypting and enabling said modified version.
5. The method of claim 4, wherein the original digital content data in said first device is disabled by transferring said second content key generator to said second device, wherein said original digital content data is re-enabled upon transferring said second content key generator back to said first device, and wherein said modified version is enabled on said second device by transferring said second and third content key generators to said second device.
6. The method of claim 5, wherein said second device cannot access said first content key generator which is securely stored in said first device.
7. The method of claim 4, wherein at least one of said original content key or said new content key is generated using a one-way function.
8. The method of claim 2, wherein said disabled original digital content data includes a unique identifier that corresponds to said content key generator and said original digital content data.
9. The method of claim 1 , wherein said re-enabling comprises: re-enabling said disabled original digital content data in said first device and disabling said transcoded version in said second device after a predefined time period.
10. An apparatus for transferring digital content data, comprising: means for transcoding original digital content data stored in an encrypted state in a first device to create a modified version of said original digital content data; means for encrypting said modified version with a new content key; means for transferring said modified version and at least one content key generator to a second device, wherein said at least one content key generator is used to recreate the new content key for enabling said modified version at said second device; means for disabling said original digital content data stored in said first device contemporaneously with said transferring step; and means for re-enabling said disabled original digital content data at said first device and contemporaneously disabling said modified version at said second device.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07840293.0A EP2044568B1 (en) | 2006-07-13 | 2007-06-27 | Method and apparatus for securely moving and returning digital content |
MX2009000389A MX2009000389A (en) | 2006-07-13 | 2007-06-27 | Method and apparatus for securely moving and returning digital content. |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/457,219 | 2006-07-13 | ||
US11/457,219 US20080015997A1 (en) | 2006-07-13 | 2006-07-13 | Method and apparatus for securely moving and returning digital content |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008008621A2 true WO2008008621A2 (en) | 2008-01-17 |
WO2008008621A3 WO2008008621A3 (en) | 2009-04-16 |
Family
ID=38924007
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/072174 WO2008008621A2 (en) | 2006-07-13 | 2007-06-27 | Method and apparatus for securely moving and returning digital content |
Country Status (4)
Country | Link |
---|---|
US (1) | US20080015997A1 (en) |
EP (1) | EP2044568B1 (en) |
MX (1) | MX2009000389A (en) |
WO (1) | WO2008008621A2 (en) |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8639627B2 (en) * | 2007-07-06 | 2014-01-28 | Microsoft Corporation | Portable digital rights for multiple devices |
JP2009033369A (en) * | 2007-07-26 | 2009-02-12 | Sony Corp | Recorder, reproducer, recording and reproducing device, imaging device, recording method and program |
US8290156B2 (en) * | 2008-05-16 | 2012-10-16 | General Instrument Corporation | Communicating media content from a DVR to a portable device |
US8462954B2 (en) * | 2008-05-30 | 2013-06-11 | Motorola Mobility Llc | Content encryption using at least one content pre-key |
JP5549903B2 (en) * | 2008-09-14 | 2014-07-16 | 雅英 田中 | Content receiving device and distribution device |
US20100138900A1 (en) * | 2008-12-02 | 2010-06-03 | General Instrument Corporation | Remote access of protected internet protocol (ip)-based content over an ip multimedia subsystem (ims)-based network |
US9866609B2 (en) * | 2009-06-08 | 2018-01-09 | Time Warner Cable Enterprises Llc | Methods and apparatus for premises content distribution |
US8635163B2 (en) * | 2010-01-13 | 2014-01-21 | Green Man Gaming Limited | System and method for facilitating a video game exchange |
US9030536B2 (en) | 2010-06-04 | 2015-05-12 | At&T Intellectual Property I, Lp | Apparatus and method for presenting media content |
US9787974B2 (en) | 2010-06-30 | 2017-10-10 | At&T Intellectual Property I, L.P. | Method and apparatus for delivering media content |
US8918831B2 (en) | 2010-07-06 | 2014-12-23 | At&T Intellectual Property I, Lp | Method and apparatus for managing a presentation of media content |
US9049426B2 (en) | 2010-07-07 | 2015-06-02 | At&T Intellectual Property I, Lp | Apparatus and method for distributing three dimensional media content |
US9032470B2 (en) | 2010-07-20 | 2015-05-12 | At&T Intellectual Property I, Lp | Apparatus for adapting a presentation of media content according to a position of a viewing apparatus |
US9560406B2 (en) | 2010-07-20 | 2017-01-31 | At&T Intellectual Property I, L.P. | Method and apparatus for adapting a presentation of media content |
US9232274B2 (en) | 2010-07-20 | 2016-01-05 | At&T Intellectual Property I, L.P. | Apparatus for adapting a presentation of media content to a requesting device |
US8994716B2 (en) | 2010-08-02 | 2015-03-31 | At&T Intellectual Property I, Lp | Apparatus and method for providing media content |
US8438502B2 (en) | 2010-08-25 | 2013-05-07 | At&T Intellectual Property I, L.P. | Apparatus for controlling three-dimensional images |
US20120130900A1 (en) * | 2010-11-19 | 2012-05-24 | General Instrument Corporation | System and Method for Trading Unused Digital Rights |
FI20115143A0 (en) * | 2011-02-15 | 2011-02-15 | P2S Media Group Oy | Quarantine procedure for virtual goods to be sold |
US9445046B2 (en) | 2011-06-24 | 2016-09-13 | At&T Intellectual Property I, L.P. | Apparatus and method for presenting media content with telepresence |
US9030522B2 (en) | 2011-06-24 | 2015-05-12 | At&T Intellectual Property I, Lp | Apparatus and method for providing media content |
US9602766B2 (en) | 2011-06-24 | 2017-03-21 | At&T Intellectual Property I, L.P. | Apparatus and method for presenting three dimensional objects with telepresence |
US8947497B2 (en) | 2011-06-24 | 2015-02-03 | At&T Intellectual Property I, Lp | Apparatus and method for managing telepresence sessions |
US8587635B2 (en) | 2011-07-15 | 2013-11-19 | At&T Intellectual Property I, L.P. | Apparatus and method for providing media services with telepresence |
CA2939357C (en) * | 2014-02-26 | 2019-03-12 | Arris Enterprises Llc | Copy count for dtcp with an abbreviation hash used for check in copy |
US10701430B2 (en) * | 2014-04-30 | 2020-06-30 | Sling Media L.L.C. | Automated optimization of synchronized video content |
US10717005B2 (en) | 2017-07-22 | 2020-07-21 | Niantic, Inc. | Validating a player's real-world location using activity within a parallel reality game |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2867868A1 (en) | 2004-03-19 | 2005-09-23 | Tan Truyen Tran | Software and data protection method, involves dynamically dearchiving secret encryption key from sub-keys at each usage of programs/data, and dynamically decrypting protected programs or data by decryption algorithm and secret key |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6978370B1 (en) * | 1996-09-03 | 2005-12-20 | Cryptography Research, Inc. | Method and system for copy-prevention of digital copyright works |
JP3269015B2 (en) * | 1997-09-18 | 2002-03-25 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Digital watermark system |
US6141753A (en) * | 1998-02-10 | 2000-10-31 | Fraunhofer Gesellschaft | Secure distribution of digital representations |
US6809792B1 (en) * | 2000-10-09 | 2004-10-26 | Eastman Kodak Company | Spectral watermarking for motion picture image data |
WO2002035327A2 (en) * | 2000-10-24 | 2002-05-02 | Nds Limited | Transferring electronic content |
EP1215907A3 (en) * | 2000-12-07 | 2006-04-26 | Sony United Kingdom Limited | Watermarking material and transferring watermarked material |
JP3965126B2 (en) * | 2002-03-20 | 2007-08-29 | 松下電器産業株式会社 | Playback device for playing content |
US7349553B2 (en) * | 2002-04-29 | 2008-03-25 | The Boeing Company | Watermarks for secure distribution of digital data |
US7730518B2 (en) * | 2003-07-31 | 2010-06-01 | Emc Corporation | Method and apparatus for graph-based partition of cryptographic functionality |
US8019198B2 (en) * | 2004-11-30 | 2011-09-13 | Panasonic Corporation | Recording and reproducing apparatus |
JP4283210B2 (en) * | 2004-11-30 | 2009-06-24 | パナソニック株式会社 | Content management apparatus, content management method, integrated circuit, and program |
JP4792876B2 (en) * | 2005-08-30 | 2011-10-12 | 株式会社日立製作所 | Information processing apparatus and information processing method |
-
2006
- 2006-07-13 US US11/457,219 patent/US20080015997A1/en not_active Abandoned
-
2007
- 2007-06-27 EP EP07840293.0A patent/EP2044568B1/en not_active Not-in-force
- 2007-06-27 MX MX2009000389A patent/MX2009000389A/en active IP Right Grant
- 2007-06-27 WO PCT/US2007/072174 patent/WO2008008621A2/en active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2867868A1 (en) | 2004-03-19 | 2005-09-23 | Tan Truyen Tran | Software and data protection method, involves dynamically dearchiving secret encryption key from sub-keys at each usage of programs/data, and dynamically decrypting protected programs or data by decryption algorithm and secret key |
Also Published As
Publication number | Publication date |
---|---|
EP2044568B1 (en) | 2015-04-15 |
EP2044568A4 (en) | 2013-01-09 |
EP2044568A2 (en) | 2009-04-08 |
WO2008008621A3 (en) | 2009-04-16 |
US20080015997A1 (en) | 2008-01-17 |
MX2009000389A (en) | 2009-03-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2044568B1 (en) | Method and apparatus for securely moving and returning digital content | |
US11886545B2 (en) | Federated digital rights management scheme including trusted systems | |
US8413256B2 (en) | Content protection and digital rights management (DRM) | |
US7864953B2 (en) | Adding an additional level of indirection to title key encryption | |
US20130283051A1 (en) | Persistent License for Stored Content | |
US20060282391A1 (en) | Method and apparatus for transferring protected content between digital rights management systems | |
US20090199287A1 (en) | Systems and methods for conditional access and digital rights management | |
AU2010276315B2 (en) | Off-line content delivery system with layered encryption | |
US20040139312A1 (en) | Categorization of host security levels based on functionality implemented inside secure hardware | |
US20060107285A1 (en) | System and method for providing authorized access to digital content | |
JP4847145B2 (en) | Method for managing consumption of digital content in a client domain and apparatus embodying the method | |
US7650312B2 (en) | Method and system to enable continuous monitoring of integrity and validity of a digital content | |
CA2586172C (en) | System and method for providing authorized access to digital content | |
KR20110004332A (en) | Processing recordable content in a stream | |
CN108076352B (en) | Video anti-theft method and system | |
CA2593952C (en) | Method and apparatus for providing a border guard between security domains | |
US20100275023A1 (en) | Transmitter, receiver, and content transmitting and receiving method | |
US20100275022A1 (en) | Transmitter, receiver, and content transmitting and receiving method | |
US11349640B2 (en) | Dynamic broadcast content access management systems and methods | |
KR101423955B1 (en) | Contents distribution method and system according to contents access control for user terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07840293 Country of ref document: EP Kind code of ref document: A2 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007840293 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2009/000389 Country of ref document: MX |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
NENP | Non-entry into the national phase |
Ref country code: RU |